GUIDELINES FOR THE SECURITY ANALYSIS, TESTING, AND EVALUATION OF RESOURCE-SHARING COMPUTER SYSTEMS

Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320003-2 SE CSS-R -6 2 APR 1971 UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE MEMORANDUM ChaIrman, UnIted States Intelligence Board SUBJECT REFERENCES t Guidelines for the Security Analysis, Testing, and Evaluation of Resource- Sharing Computer Systems Joint memo dated 23 April 1970 for Chairman, USIB from Chairman, Security Committee and Chairman, Intelligence Information Handling Committee, subject: Controlled Multi-Level Security Test of DIA Analyst Support and Research System (IFIC-D432/1; USIB-D-71.9/1) (b) Secretaryls Notes, USIB Minutes dated 14 May 1970 (UM-M-570) 1. This memorandum forwards a Security Committee report for United States Intelligence Board information and noting* 2. Paragraph 9d of Reference (a) recommended that the United States Intelligence Board request the Security Committee GROUP 1 Excluded from auto tic downgrading and C____:tCjEELDF2N1VC:C--- declassification Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320003-2 Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320003-2 CONFIDENTIAL to eubnul for the Boards approval minimum security require- ments for multi-level operation of computer systems in a con- trolled Top Secret environment and guidelines for the security testing of such systems. This recommendation was approved by the Board on 12 May 1970 as recorded in Reference (b). 3. Minimum security requirements for the multi-level operation of computer systems were developed by the Computer Security Subcommittee and approved by the Director of Central Intelligence with the concurrence of the Board on 7 January 1971 as DCII) No. 1/16. This memorandum submits "Guidelines for the Security Analysis. Testing, and Evaluation of Resource-Sharing Computer Systems" in response to the second part of the tasking mentioned in paragraph 2 above. 4. These guidelines have been developed by the Computer Security Subcommittee acting in a staff capacity as the UM group most knowledgeable of the subject. Their preparation has been greatly enhanced through the assistance of technical com- puter specialists in individual member agencies. The report has been approved by the Security Committee. S. Your attention is invited to the non-prescriptive approach to the problem taken by the Subcommittee. In contrast to the DCII) No. 1/16, it does not speak in terms of requirements for the security testing of Community computer systems, but rather provides guidance on how to approach the problem of analysing, testing, and evaluating our systems from a security standpoint. Implementation of these guidelines in an individual agency, there- fore, is left to the discretion of the USIB participant concerned. STAT Chat rman USIB Security Committee CONFIDENT Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320003-2 Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320003-2 ...CT: Guidelinesfor the Scuftty Analysis. Testing, and EvaIna 'en of Resource-Sharing Cornuter Syste Distrib Otis* I Ads att) 1 - Chau 01v1(w 1 - Exec. Secretary/ O IPS 1 - 1P13 Chrono 1971) STAT CONFLOMTIAIL Declassified in Part - Sanitized Copy Approved for Release 2013/03/21 : CIA-RDP89B01354R000200320003-2